If Not True Then False

Install SVN Server on Fedora 25/24, CentOS/RHEL 7.3/6.8/5.11 - Comment Page: 3

This is guide, howto install SVN (Subversion) server on Fedora 25/24/23/22/21/20, CentOS 7.3/6.8/5.11, Red Hat (RHEL) 7.3/6.8/5.11. What is SVN (Subversion)? Subversion is a free/open-source version control system. Subversion manages files and directories, and the changes made to them, over time. This allows you to recover older versions of your data, or examine the history of how your data...

311 Comments

Leave a Comment

Your email address will not be published. Required fields are marked *

Input your comment.
help

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Input your name.

max

Hi JR;

Very nice work!

Wondering if you could shed some light on the following 2 issues.

1. When executing the following command –
“chcon -R -t httpd_sys_rw_content_t /var/www/svn/testrepo”

It returns many lines like this one –
“chcon: failed to change context of /var/www/svn/smackdab to root:object_r:httpd_sys_rw_content_t: Invalid argument”

2. When issuing the follow from the browser –
“http://localhost/svn/testrepo”

I does *** NOT *** challange for user credentials. It just goes straight to the repository.

Any help much appreciated.

Max…

reply Reply
max

Hi JR;

Update;

I changed the to exactly match your example and I am now getting challanged for credentials but I cannot get in using the the username and password that I setup. The other problem still remains; “”chcon: failed to change context of /var/www/svn/smackdab to root:object_r:httpd_sys_rw_content_t: Invalid argument”.

// ————————————————–

Posting output of following commands;

cat /etc/httpd/conf.d/subversion.conf
ls -laZ /var/www/
ls -laZ /var/www/svn
ls -laZ /var/www/svn/testrepo

// ————————————————–

cat /etc/httpd/conf.d/subversion.conf

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

DAV svn
SVNParentPath /var/www/svn
AuthType Basic
AuthName “Subversion repositories”
AuthUserFile /etc/svn-auth-users
Require valid-user

// ————————————————–

ls -laZ /var/www/

drwxr-xr-x root root system_u:object_r:httpd_sys_content_t .
drwxr-xr-x root root system_u:object_r:var_t ..
drwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t cgi-bin
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t error
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t html
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t icons
drwxr-xr-x root root root:object_r:httpd_sys_content_t svn

// ————————————————–

ls -laZ /var/www/svn

drwxr-xr-x root root root:object_r:httpd_sys_content_t .
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t ..
drwxr-xr-x apache apache root:object_r:httpd_sys_content_t testrepo

// ————————————————–

ls -laZ /var/www/svn/testrepo

drwxr-xr-x apache apache root:object_r:httpd_sys_content_t .
drwxr-xr-x root root root:object_r:httpd_sys_content_t ..
drwxr-xr-x apache apache root:object_r:httpd_sys_content_t conf
drwxr-xr-x apache apache root:object_r:httpd_sys_content_t dav
drwxr-xr-x apache apache root:object_r:httpd_sys_content_t db
-rwxr-xr-x apache apache root:object_r:httpd_sys_content_t format
drwxr-xr-x apache apache root:object_r:httpd_sys_content_t hooks
drwxr-xr-x apache apache root:object_r:httpd_sys_content_t locks
-rwxr-xr-x apache apache root:object_r:httpd_sys_content_t README.txt

Any help much appreciated.

Max…

reply Reply
max

Hi JR;

Got the “credential” problem resolved. Though there is an issue of overwritting the user crendials when using “htpasswd -cm /etc/svn-auth-users testuser”. If I create user1 and then user2, user1 is no longer in the “svn-auth-users” file. To fix it I had to manually enter the info created by the command into the file .

All that remains is the – ”chcon: failed to change context of /var/www/svn/smackdab to root:object_r:httpd_sys_rw_content_t: Invalid argument”.

Any help is MUCH appreciated.

Max…

reply Reply
JR

Hi max,

Try following commands instead:


chcon -h system_u:object_r:httpd_sys_rw_content_t /var/www/svn/smackdab
chcon -R -h apache:object_r:httpd_sys_rw_content_t /var/www/svn/smackdab/*
reply Reply
max

Hi JR;

As root, I tried the commands you suggested, both failed. Should I be in a particular place in the file-system before issuing the commands?

INPUT
chcon -h system_u:object_r:httpd_sys_rw_content_t /var/www/svn/repotest

RESULT
chcon: failed to change context of /var/www/svn/repotest to system_u:object_r:httpd_sys_rw_content_t: Invalid argument

INPUT
# chcon -R -h apache:object_r:httpd_sys_rw_content_t /var/www/svn/repotest/*

RESULT
chcon: failed to change context of /var/www/svn/repotest/conf to apache:object_r:httpd_sys_rw_content_t: Invalid argument
chcon: failed to change context of /var/www/svn/repotest/conf/passwd to apache:object_r:httpd_sys_rw_content_t: Invalid argument

Thank you JR!

reply Reply
JR

Interesting, could you post output of following commands:


uname -a

lsb_release -a

rpm -qa coreutils\* selinux\* |sort
reply Reply
Will

You’re not running the htpasswd with the ‘-cm’ both times are you? If so, you’re overwritting your /etc/svn-auth-users file and that’s why user1 is not longer there.

reply Reply
Will

I ran both of the chcon commands as my repoadm, not as root. Worked for me.

reply Reply
Will

Great bit of work you provided here. Just wanted to add a few things that I found along the way. While these instructions are great for controlling who can modify your repository, if you need to further restrict access (i.e., read/execute) outside of your owner/group levels you need to change the permissions to world. I wanted to restrict everything down to just the owner and those that would be working in SVN. Therefore, the chown -R you performed was changed to repoadm.apache. I add repoadm to the apache and svnusers group and the apache user to the repoadm. I had to do a chmod -R on the /var/www/svn to give g+w and o-rx.

Note to those that are testing out their implementation. When testing with a user that should NOT have the abiltity to perform tasks and the login fails, do NOT then switch to an authorized user and sign in on the same instance. The login information is cached in that account’s /home directory under the .subversion directory. If you happen to do this, delete that .subversion directory. Don’t worry about losing it, because it will be recreated the next time you do an SVN command for that account again.

Great Work JR, thanks for the instructions.

reply Reply
JR

Hi Will,

And thanks for sharing! Very nice idea to do this! :)

reply Reply
Kang

Using Firefox to browse to: http://localhost/svn/repos

And I get error:

Forbidden

You don’t have permission to access /svn/repos on this server.

Apache/2.2.22 (Fedora) Server at localhost Port 80

Thank JR.

reply Reply
MG

Hello!

I have tried to setup SVN on my fedora server with so many how tos…. I do everything as it is said in the tutorials. The problem I have is that I always get 404 Not Found, when I’m trying to see some results either via my domain or even via localhost on my server.
Do you have an idea what I could have done wrong?

Thanks in advance

MG

reply Reply
Will

Apologies for the double post, but for some reason I didn’t do a reply, but a normal one. Delete the first one if you can/don’t mind.

MG,

Can you perform ‘svn ls file:///var/www/svn’ and get a return? If so, then it sounds like you don’t have apache setup correctly in your user accounts. While you may be logged in as yourself, when you perform actions against the http:// it is really apache that is serving up your request. Ensure that your apache user is associated with the group that owns your /var/www/svn and /var/www/svn/repo. Also, make sure that both of those locations have the same owner/group setups and the permissions are set to 755 for the svn and 775 for the repo level. This will further restrict unauthorized users from accessing your data.

Will

reply Reply
MG

Hey Will

Thanks for the fast response. I rebooted the computer yesterday and I have several problems more now \o/. I will look at your suggestions when I’m back on the state I was…

reply Reply
MG

Will,

Thanks a lot for your help. I found out my crap router is causing problems. I got a new one and followed the tutorial here step by step. It works fine now! I only have one issue… I can only login with testuser2. testuser and a self created user won’t work… have I missed to grant the users rights somewhere?

Thanks in advance

MG

reply Reply
Will

MG,

Sounds like you’re running the htpasswd command string with the
-cm option each time. You only run the -c option of that when you are creating your initial user because it is creating the user authorization file. For each additional user you add, use htpasswd -m /etc/svn-auth-users testuser (replace the /etc/svn-auth-users portion with whatever path you have for your file). To check to see if that is the problem, cat the /etc/svn-auth-users file and see if the users have been added to that file. If not, it is more than likely the -cm option problem.

Hope that helps out, let me know.
Will

reply Reply
Will

MG,

Can you perform ‘svn ls file:///var/www/svn’ and get a return? If so, then it sounds like you don’t have apache setup correctly in your user accounts. While you may be logged in as yourself, when you perform actions against the http:// it is really apache that is serving up your request. Ensure that your apache user is associated with the group that owns your /var/www/svn and /var/www/svn/repo. Also, make sure that both of those locations have the same owner/group setups and the permissions are set to 755 for the svn and 775 for the repo level. This will further restrict unauthorized users from accessing your data.

Will

reply Reply
migueldesousa

hi there great tut.
i only have a question where is the configuration file wich one can set the auto-props.

cause there was no files in /etc/subversion and i create one conf and put like
enable-auto-props = yes
[auto-props]
* = svn:needs-lock = *

and gave me nothing no new files were marked with that propertie.

Could you please help me out ??? :)

reply Reply
JR

Hi migueldesousa,

Thank you!

The subversion configuration area is for subversion clients, not the
server. Right place for auto-props is ~/.subversion/config configured per-user or /etc/subversion/config configured machine-wide. And user own configuration overrides /etc/subversion/config.

reply Reply
migueldesousa

thanks,
So i should configure the client not the server.
Thanks :D i was like crazy searching how tha heck i could configure this :) Thank you very much

reply Reply
JD

Hi, I have the same problem as in the first comment. The solutions given are not working for me. Do you have any other ideas?


# svn import -m 'Initial import' /tmp/svn-structure-template/ http://localhost/svn/testrepo/
Authentication realm: Subversion repositories
Password for 'root':
Authentication realm: Subversion repositories
Username: jp
Password for 'jp':
svn: Repository moved permanently to 'http://localhost/svn/testrepo/'; please relocate

reply Reply
JR

Hi JD,

Could you post your subversion.conf file content?

reply Reply
JD

Hi JR,

[code]# cat /etc/httpd/conf.d/subversion.conf

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

#
# Example configuration to enable HTTP access for a directory
# containing Subversion repositories, “/var/www/svn”. Each repository
# must be both:
#
# a) readable and writable by the ‘apache’ user, and
#
# b) labelled with the ‘httpd_sys_content_t’ context if using
# SELinux
#

#
# To create a new repository “http://localhost/repos/stuff” using
# this configuration, run as root:
#
# # cd /var/www/svn
# # svnadmin create stuff
# # chown -R apache.apache stuff
# # chcon -R -t httpd_sys_content_t stuff
#

#
# DAV svn
# SVNParentPath /var/www/svn
#
# # Limit write permission to list of valid users.
#
# # Require SSL connection for password protection.
# # SSLRequireSSL
#
# AuthType Basic
# AuthName “Authorization Realm”
# AuthUserFile /path/to/passwdfile
# Require valid-user
#
#

DAV svn
SVNParentPath /var/www/svn
AuthType Basic
AuthName “Subversion repositories”
AuthUserFile /etc/svn-auth-users
Require valid-user

reply Reply
JR

Okay :)

Could you next post output of following commands:


ls -la /var/www/
ls -la /var/www/svn
ls -la /var/www/testrepo
reply Reply
JD

# ls -la /var/www/
totaal 28
drwxr-xr-x 7 root root 4096 29 mrt 15:54 .
drwxr-xr-x. 16 root root 4096 22 mrt 15:12 ..
drwxr-xr-x 2 root root 4096 13 feb 15:31 cgi-bin
drwxr-xr-x 3 root root 4096 29 mrt 15:50 error
drwxr-xr-x 2 root root 4096 13 feb 15:31 html
drwxr-xr-x 3 root root 4096 29 mrt 15:50 icons
drwxr-xr-x 3 root root 4096 29 mrt 15:54 svn

# ls -la /var/www/svn
totaal 12
drwxr-xr-x 3 root root 4096 29 mrt 15:54 .
drwxr-xr-x 7 root root 4096 29 mrt 15:54 ..
drwxr-xr-x. 6 apache apache 4096 29 mrt 15:54 testrepo

ls -la /var/www/testrepo
ls: kan geen toegang krijgen tot /var/www/testrepo: Bestand of map bestaat niet

But I think you mean:

# ls -la /var/www/svn/testrepo/
totaal 32
drwxr-xr-x. 6 apache apache 4096 29 mrt 15:54 .
drwxr-xr-x 3 root root 4096 29 mrt 15:54 ..
drwxr-xr-x. 2 apache apache 4096 29 mrt 15:54 conf
drwxr-sr-x. 6 apache apache 4096 29 mrt 15:54 db
-r--r--r--. 1 apache apache 2 29 mrt 15:54 format
drwxr-xr-x. 2 apache apache 4096 29 mrt 15:54 hooks
drwxr-xr-x. 2 apache apache 4096 29 mrt 15:54 locks
-rw-r--r--. 1 apache apache 229 29 mrt 15:54 README.txt

reply Reply
JR

Thanks, looks good…and you are totally right, I meant /var/www/svn/testrepo and I need also same output also with context parameter. :)

So could you also post output of following commands:


ls -laZ /var/www/
ls -laZ /var/www/svn
ls -laZ /var/www/svn/testrepo
reply Reply
JD

# ls -laZ /var/www/
drwxr-xr-x root root ? .
drwxr-xr-x. root root system_u:object_r:var_t:s0 ..
drwxr-xr-x root root ? cgi-bin
drwxr-xr-x root root ? error
drwxr-xr-x root root ? html
drwxr-xr-x root root ? icons
drwxr-xr-x root root ? svn

# ls -laZ /var/www/svn
drwxr-xr-x root root ? .
drwxr-xr-x root root ? ..
drwxr-xr-x. apache apache apache:object_r:httpd_sys_rw_content_t testrepo

# ls -laZ /var/www/svn/testrepo
drwxr-xr-x. apache apache apache:object_r:httpd_sys_rw_content_t .
drwxr-xr-x root root ? ..
drwxr-xr-x. apache apache apache:object_r:httpd_sys_rw_content_t conf
drwxr-sr-x. apache apache apache:object_r:httpd_sys_rw_content_t db
-r--r--r--. apache apache apache:object_r:httpd_sys_rw_content_t format
drwxr-xr-x. apache apache apache:object_r:httpd_sys_rw_content_t hooks
drwxr-xr-x. apache apache apache:object_r:httpd_sys_rw_content_t locks
-rw-r--r--. apache apache apache:object_r:httpd_sys_rw_content_t README.txt

reply Reply
JR

Some reason your ls -laZ /var/www/ command output looks little bit strange. You could try fix svn directory security context with following command:


chcon -R -t httpd_sys_content_t /var/www/svn

Is it working then? If not, then please post ls -laZ /var/www/ output again…

reply Reply
JD

When I try your command I get this:


# chcon -R -t httpd_sys_content_t /var/www/svn
chcon: can't apply partial context to unlabeled file `/var/www/svn'

I think this has something to do with SELinux?

reply Reply
JR

Yes this is SELinux problem.

Then try following instead:


chcon -h system_u:object_r:httpd_sys_content_t /var/www/svn

Is it working then? Or do get more some another error?

reply Reply
JD

Ok, no error now but still not working :)

]# ls -laZ /var/www/
drwxr-xr-x root root ? .
drwxr-xr-x. root root system_u:object_r:var_t:s0 ..
drwxr-xr-x root root ? cgi-bin
drwxr-xr-x root root ? error
drwxr-xr-x root root ? html
drwxr-xr-x root root ? icons
-rw-r--r-- root root ? index.html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t svn

When I connect with my webbrowser (on a other system) to http://192.168.1.20/svn/testrepo/ I get this:

testrepo – Revision 0: /

Powered by Subversion version 1.6.17 (r1128011).

reply Reply
JR

Actually it’s working then…you should get testrepo – Revision 0: / because you have imported nothing yet… :)

Try to run import:


## run this only if you don't have svn directories already ##
mkdir -p /tmp/svn-structure-template/{trunk,branches,tags}

## then run real import command ##
svn import -m 'Initial import' /tmp/svn-structure-template/ http://localhost/svn/testrepo/

Do you get any errors?

reply Reply
JD

I already tried that:

# svn import -m 'Initial import' /tmp/svn-structure-template/ http://localhost/svn/testrepo/
Authentication realm: Subversion repositories
Password for 'root':
Authentication realm: Subversion repositories
Username: jp
Password for 'jp':
svn: Repository moved permanently to 'http://localhost/svn/testrepo/'; please relocate

reply Reply
JR

Did you run it again after you changed /var/www/svn directory SELinux security context?
And did you run it on same machine where your svn server is running?

If you want run import command from remote system then you need to use your server ip address instead localhost.

Normally this error svn: Repository moved permanently to … please relocate refers to some error on subversion.conf. You could post it again inside code-block if you want to and you could of course create some another repo and test, if it’s working…

reply Reply
JD

Yes I did it after your command. And on the local machine I get the same page (with Lynx).
I think the problem still is that “httpd_sys_content_t” thing.

@Will I know, but that’s stripped because I used the wrong code tag.

# cat /etc/httpd/conf.d/subversion.conf

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

# ...... blabla

DAV svn
SVNParentPath /var/www/svn
AuthType Basic
AuthName "Subversion repositories"
AuthUserFile /etc/svn-auth-users
Require valid-user

reply Reply
JR

If it’s just like:


...

   DAV svn
   SVNParentPath /var/www/svn
   AuthType Basic
   AuthName "Subversion repositories"
   AuthUserFile /etc/svn-auth-users
   Require valid-user

Then it’s okay… :)

<pre lang=”bash”>content</pre> should work… ;)

And when you see testrepo – Revision 0: /, it means that you can use your repo, but some reason import is not working…could you try following example on that remote machine:


mkdir /tmp/testrepo

cd /tmp/testrepo

svn co http://your_ip/svn/testrepo .

echo "test" > test.txt

svn add test.txt

svn ci -m 'Test commit'

Is it possible to commit?

reply Reply
JD

# svn co http://localhost/svn/testrepo .
Authentication realm: Subversion repositories
Password for 'root':
Authentication realm: Subversion repositories
Username: jp
Password for 'jp':
svn: Repository moved permanently to 'http://localhost/svn/testrepo/'; please relocate

reply Reply
Will

Hey guys, I may be off on this, but from the subversion.conf file, I don’t see any Location tags (i.e., ). Also, make sure that they are not set to .

Will

reply Reply
Will

It removed the Location example that I provided before. The example should be “” Greater than followed by Location /svn Less than with a trailing Greater than Location Less than symbol.

Will

reply Reply
Will

Yeah, now that I tried to type in the Location tags I see it goes away.

reply Reply
JR

Hi Jen,

Could you first post your subversion.conf, you can put it inside following tags:
<pre lang=”bash”>content</pre> :)

reply Reply
JD
# cat /etc/httpd/conf.d/subversion.conf

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so

#
# Example configuration to enable HTTP access for a directory
# containing Subversion repositories, "/var/www/svn".  Each repository
# must be both:
#
#   a) readable and writable by the 'apache' user, and
#
#   b) labelled with the 'httpd_sys_content_t' context if using
#   SELinux
#

#
# To create a new repository "http://localhost/repos/stuff" using
# this configuration, run as root:
#
#   # cd /var/www/svn
#   # svnadmin create stuff
#   # chown -R apache.apache stuff
#   # chcon -R -t httpd_sys_content_t stuff
#

#
#   DAV svn
#   SVNParentPath /var/www/svn
#
#   # Limit write permission to list of valid users.
#   
#      # Require SSL connection for password protection.
#      # SSLRequireSSL
#
#      AuthType Basic
#      AuthName "Authorization Realm"
#      AuthUserFile /path/to/passwdfile
#      Require valid-user
#   
#


   DAV svn
   SVNParentPath /var/www/svn
   AuthType Basic
   AuthName "Subversion repositories"
   AuthUserFile /etc/svn-auth-users
   Require valid-user

reply Reply
Jen


   DAV svn
   SVNPath /var/www/svn
   AuthType Basic
   AuthName "Subversion repositories"
   AuthUserFile /etc/svn-auth-users
   Require valid-user

I tried SVNParentPath and it throws an error on httpd restart. No error with SVNPath.

reply Reply
Jen

JR, I have it working now. I made another change and went back to the configuration and was able to use SVNParentPath and it now works.

Thank You

reply Reply